CVE-1999-1231

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.

Published : 1999-06-09 04:00 Updated : 2017-12-19 02:29

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Ssh Ssh2 2.0.1 cpe:/a:ssh:ssh2:2.0.1
Ssh Ssh2 2.0.12 cpe:/a:ssh:ssh2:2.0.12
Ssh Ssh2 2.0.2 cpe:/a:ssh:ssh2:2.0.2
Ssh Ssh2 2.0 cpe:/a:ssh:ssh2:2.0
Ssh Ssh2 2.0.11 cpe:/a:ssh:ssh2:2.0.11
Ssh Ssh2 2.0.3 cpe:/a:ssh:ssh2:2.0.3
Ssh Ssh2 2.0.10 cpe:/a:ssh:ssh2:2.0.10
Ssh Ssh2 2.0.4 cpe:/a:ssh:ssh2:2.0.4
Ssh Ssh2 2.0.5 cpe:/a:ssh:ssh2:2.0.5
Ssh Ssh2 2.0.6 cpe:/a:ssh:ssh2:2.0.6
Ssh Ssh2 2.0.7 cpe:/a:ssh:ssh2:2.0.7
Ssh Ssh2 2.0.8 cpe:/a:ssh:ssh2:2.0.8
Ssh Ssh2 2.0.9 cpe:/a:ssh:ssh2:2.0.9
  1. Ssh (1) Search CVE
    1. Ssh2 (13) Search CVE
      1. 2.0.1
      2. 2.0.12
      3. 2.0.2
      4. 2.0
      5. 2.0.11
      6. 2.0.3
      7. 2.0.10
      8. 2.0.4
      9. 2.0.5
      10. 2.0.6
      11. 2.0.7
      12. 2.0.8
      13. 2.0.9

CWE

There is no CWE for this CVE.

History of changes

Date Event
2017-12-19 02:29
1999-06-09 04:00

New CVE